Ubuntu 1990-1: X.Org X server vulnerabilities

    Date17 Oct 2013
    CategoryUbuntu
    36
    Posted ByLinuxSecurity Advisories
    The X.Org X server could be made to crash or run programs as an administrator if it received specially crafted input.
    ==========================================================================
    Ubuntu Security Notice USN-1990-1
    October 17, 2013
    
    xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 13.04
    - Ubuntu 12.10
    - Ubuntu 12.04 LTS
    
    Summary:
    
    The X.Org X server could be made to crash or run programs as an
    administrator if it received specially crafted input.
    
    Software Description:
    - xorg-server: X.Org X11 server
    - xorg-server-lts-quantal: X.Org X11 server
    - xorg-server-lts-raring: X.Org X11 server
    
    Details:
    
    Pedro Ribeiro discovered that the X.Org X server incorrectly handled
    memory operations when handling ImageText requests. An attacker could use
    this issue to cause X.Org to crash, or to possibly execute arbitrary code.
    (CVE-2013-4396)
    
    It was discovered that non-root X.Org X servers such as Xephyr incorrectly
    used cached xkb files. A local attacker could use this flaw to cause a xkb
    cache file to be loaded by another user, resulting in a denial of service.
    (CVE-2013-1056)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 13.04:
      xserver-xorg-core               2:1.13.3-0ubuntu6.2
    
    Ubuntu 12.10:
      xserver-xorg-core               2:1.13.0-0ubuntu6.4
    
    Ubuntu 12.04 LTS:
      xserver-xorg-core               2:1.11.4-0ubuntu10.14
      xserver-xorg-core-lts-quantal   2:1.13.0-0ubuntu6.1~precise4
      xserver-xorg-core-lts-raring    2:1.13.3-0ubuntu6~precise3
    
    After a standard system update you need to reboot your computer to make
    all the necessary changes.
    
    References:
      http://www.ubuntu.com/usn/usn-1990-1
      CVE-2013-1056, CVE-2013-4396
    
    Package Information:
      https://launchpad.net/ubuntu/+source/xorg-server/2:1.13.3-0ubuntu6.2
      https://launchpad.net/ubuntu/+source/xorg-server/2:1.13.0-0ubuntu6.4
      https://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.14
    
    https://launchpad.net/ubuntu/+source/xorg-server-lts-quantal/2:1.13.0-0ubuntu6.1~precise4
    
    https://launchpad.net/ubuntu/+source/xorg-server-lts-raring/2:1.13.3-0ubuntu6~precise3
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.